Cloud, Minturn & Associates, LLC
Serving A Select Clientele With Personalized Service Since 1986
  
CMA

Cyber Theft & Espionage

 

What every business needs to know about

data breaches

The culprit is often someone close  to your business. A surprisingly large proportion of data breaches are carried out by insiders -- over half by some estimates-- or by business partners. A trusted employee could be the culprit.

The perpetrator could live halfway around the globe. To vandalize your building, a criminal must be on-site. But a hacker can operate from anywhere in the world. Organized cyber crime rings operate worldwide 24/7.

Size doesn't matter. Half of all companies that suffer data breaches have fewer than 1,000 employees.

Any company can be hit. Cyber criminals don't care where they steal private information from: retailers, health care institutions, manufacturers, professional service providers, media and entertainment companies, and financial institutions are all likely to be targeted. 

A breach can result from a simple mistake.  An employee might misplace a laptop, Blackberry, or couputer tapes or leave these in an unsecured location, such as an unlocked car.

Cyber risk is steadily increasing. Data breaches affect hundreds of millions of records a year and reports of breaches continue to rise at a dramatic rate.

 

10 Steps To Help Protect Your Database


All units should have antivirus software installed and updated
 
 regularly ie: "Norton or McAfee".  Run virus scans regularly.
 
All hard copy (paper) documentation should be shredded
 
 when not needed. Don't let employees make the decisions, shred it
 
 all.  Services are available to come to your location and do it on
 
site.
 

 Change passwords frequently and use a combination of at least 8

 

 letters, numerals, and signs.  Do not use names or words.  There is

 

 software that can conduct 60,000 combinations of searches per

 

 second to obtain your password.

 

 If you use a remote access software such as "GoToMYPC" reboot

 

 your office computer when not on line.

 

 Use a separate locked room for your server where service work is

 

 limited (no cleaning crew).

 

 Disable USB ports and Disc Drives on stations when they are not

 

 needed.  This will help cut down on internal theft by disgruntled

 

 employees.

 

  Minimize administrative privileges to only users who need them.

 

 Such users should use a separate unprivileged account for email

 

 and web browsing.

 

Install Monitoring Software on any unit that has access to the

 

 internet-web browser and email. Contact Cloud, Minturn &

 

 Associates, LLC for additional information on this subject.

 

Create a tough employee handbook policy that each employee

 

 must sign.  Policy must advise that there is monitoring software

 

 installed.  Contact Cloud, Minturn & Associates, LLC for additional

 

 information on this subject. 

 

Provide an Internet Cafe dedicate a unit that is NOT connected to

 

 your network for Google searches etc.

California S.B. 1386

The law became operative on July 1, 2003

This personal information privacy law requires any organization (state agency, person or business) conducting business in California and processing personal information for California residents to disclose any information security breach to California residents whose unencrypted personal information was obtained by an unauthorized person.

Notifications can be delayed if law enforcement determines it could hinder a criminal investigation. S.B. 1386 will preempt all local regulation of this issue.

What is "personal information"?

"Personal information" includes a person's first name or first initial and last name in combination with any one of the following when at least one of the pieces of information is not encrypted:

Social security number

Driver's license number or California Identification Card number

Account number, credit or debit card number, in combination with any required security code, access code, or password that allows access to a financial account.

What constitutes a "breach of the system"?

A "breach of the security of the system" is unauthorized "acquisition" of personal information resulting from a security compromise in the

organization's computer systems.

How must individuals be given "notice"?

Written notice

Electronic notice

Often overlooked is the potential loss of confidence in your organization by your customers and potential customers when a security breach occurs.